Fears of major cyber attacks on banks have been rising since hackers successfully stole nearly $100 million from the Bangladesh Bank, the central bank, in 2016. Shortly after that incident, Russian central bank disclosed that hackers stole more than $31 million from the country's central bank and commercial banks. SWIFT - the predominant messaging network used by banks - warned that these kinds of cyber attacks are likely to rise.
As more and more consumers get connected to the cloud, the massive growth of sensitive data stored online becomes an ever-growing target for hackers and criminals. Bangladesh Bank cyber heist exemplifies the many factors that make it difficult to set aside cyber security issues from continuous monitoring. As the cliché goes, a chain is only as strong as its weakest link. Hackers are always on prowl for the weakest link and to exploit those access points. The financial industry all over the world has struggled to keep pace with technological innovation, particularly given the extensive regulation governing its operation. While legacy technology may seem like just an inconvenience to consumers, it has become a major security risk for commercial banks, insurance companies and their consumers. At the same time, hackers have benefited from new technologies that make it easier to hack into these legacy banking systems.
Bangladesh Bank heist also illustrated vulnerabilities in the bank's computer system. According to SWIFT, relatively simple malware was detected on its clients' (bank) computer systems targeting a PDF reader used to check statement messages. Hackers used the malware to bypass primary risk controls and initiate irrevocable fund transfer processes, while tampering with statements and confirmations that would normally act as secondary controls.
The so-called two-factor authentication is a nearly bullet-proof way to secure consumer bank accounts. Banks send a temporary code to the consumer's cell phone before allowing them to login, which means hackers would need access to both the computer and the cell phone to capture the account. Despite the effectiveness of the method, several major banks don't use two-factor authentication to protect consumers' accounts.
The forces that make cyber security challenging are: use of third-party vendors, evolving sophisticated technologies, cross-border data exchanges, increased use of mobile technologies and the adoption of the internet of things (IoT). Rather than face security head on, cyber criminals know that exploiting individuals to gain unauthorised access to financial institutions is a proven modus operandi. Sensitive data held by individuals is becoming even more accessible as the IoT wave grows from smartphones and tablets to wearable technology, and home and office automation devices. Hackers can access individuals' personal data through an ever-expanding arsenal of devices as the adoption of the IoT continues to grow.
Consumers have relatively little to lose from cyber attacks on banks, provided they aren't lax about safeguarding their information, and quickly notify the bank if funds are missing. Business accounts, however, have fewer protections and could be subject to greater losses. Banks themselves have fewer assurances from the government that they would remain solvent if a major cyber attack took place. These attacks could target banks' processing systems and disrupt critical financial transactions.
Financial institutions can use big data analysis to identify and react to both external and internal security risks. Biometric security technology uses physical and location-based identification to confirm that the right individuals access data. However, financial institutions must adhere to privacy concerns among customers and employees. Keeping the data safe, while not compromising customer convenience, is the challenge for financial institutions and their cyber security programmes and policies.
Cyber security has become a matter of paramount concern for the banking sector, but some banks, especially state-owned banks in Bangladesh, are still hesitant to implement full-scale security measures, and regulators have been slow to develop plans to address major attacks if and when they occur. Consumers may be able to recover their money under a particular law, but experts are concerned that the escalating attacks, if successful, could render a major bank insolvent.
© 2024 - All Rights with The Financial Express
